Serial consoles are great, there'​s just one problem - the routers run on 3.3v and a normal PC serial port puts out +/-12v, easily frying a router. This means that a level shifter such as a max233 is required (free samples can be obtained from Texas Instruments or Maxim), and adding the ICs and caps required is beyond the ability of most users -- luckily there'​s a shortcut. Most cellphones are either USB or 3.3v serial, so the data cable for a 3.3v cellphone can be used to make an easy and professional looking serial console connection (e.g the DKU-5 Cable for Nokia handsets). You only need to identify and connect 4 wires (vcc, rx, tx, gnd) -- and if your cable uses a pl2303 you can skip the vcc connection.

+

+

Serial console allows you to interact with the CFE command line, watch the kernel boot and console access to linux. This is probably the only way you'll every get any meaningful feedback about the device boot up.

+

+

=== Arduino ===

+

+

If you have an Arduino board you can upload a sketch that will send the debrick commands via serial. An example that works for the TP-WR703N is available here: https://​forum.openwrt.org/​viewtopic.php?​pid=191463. Note that the commands for your router could be different!

+

+

=== WIFI ===

+

If by chance the lan bridge is not working after flashing and the router is inaccessible,​ it might be worth a shot to use the serial instructions to add a serial port and configure Wifi. If ssh connection via Wifi is working a newer/​bugfixed/​stable image can be copied via scp and then installed via sysupgrade command.

+

+

===== LEDs =====

+

Most people assume the LEDs on the front are deterministic,​ and that by telling you which LEDs are lit you can instantly tell if the hardware is working or where it crashed in bootup. This unfortunately isn't the slightest bit true.

+

+

- Power LED. The biggest mistake people make here is "my power led is blinking, what does that mean?"​. There'​s an assumption that if the LED is blinking there must be software turning the LED on and off, and that it must mean something. The blinking is actually done in hardware; software only as the ability to set the LED "​on"​ or "​blink"​ -- it defaults to blink on power up and isn't set to on until after the firmware boots. If the led is on then you know the firmware booted; blinking really doesn'​t tell you much.

+

- Switch LEDs. The second common mistake is "the switch still works"​. Of course the switch still works, it's a separate piece of hardware and the LEDs are wired directly to it. The only useful bit of information you can get is "all the switch LEDs are lit". When the switch chip is reset, all of the ports will light up (even if no devices are connected) for about a second; this happens at power up and again as the firmware boots and reprograms the switch. If they stay lit, you're either a moron for not noticing the ports are actually in use, or someone has broken/​shorted the switch chip. You can also notice reboot loops by watching for the switch reset.

- Wifi. Controlled by the wifi driver; trivia - the wifi driver can also reset the power led in certain situations.

+

+

+

===== Stupid things people do =====

+

+

Pin shorting

+

+

In the past we used to suggest that people shorted a few pins of the flash; when CFE booted and attempted to perform the CRC32 there would be a flash read error which would change the outcome of the CRC and the resulting failure would force CFE into recovery mode. It's a great trick, but over the years we've learned that people are idiots and will take that as an invitation to poke mangle and short just about every pin on the device based on some irrational belief that if they find the right pin everything will magically work again. You do not want someone paranoid at the thought of breaking the device scraping up every single electrical connection on the device -- it never ends well, and generally results in the flash chip or the router being damaged in the process.

+

+

- frying a chip (worst case)

+

- lifting/​breaking electrical connections

+

- permanently shorting (best case)

+

+

The best case is that they simply bent a pin and you can easily bend it back - providing you can find it.

+

+

Depending on which pins are shorted/​broken,​ it may be possible to access CFE but not to access the rest of the flash. Meaning CFE boots fine but can't read or write the firmware. This can be confirmed by JTAG.

+

+

Wrong CFE version -

+

Loading the wrong CFE version can also lead to devices which boot into CFE but are unable to write to the flash, or are unable to initialize the networking.

+

+

And yes, there are actually a few obscure versions that require the firmware to be named "​code.bin"​ or a specific port to be used. Unfortunately nobody can remember exactly which devices, leading to all sorts of superstition.

+

+

This article is based on: [[https://​forum.openwrt.org/​viewtopic.php?​id=11304]]

+

+

----

+

+

* [[https://​forum.openwrt.org/​viewtopic.php?​pid=128790#​p128790]]

+

+

+

===== by Vavasik =====

+

In this case, someone manage to wipe out the [[doc:​techref:​Bootloader]] of his [[/​toh/​d-link/​dir-825|D-Link DIR-825]].

- Find an IC SPI Flash SPANSION S25FL064A (Package SO3 016 wide), it is located on the backside of the router PCB.

+

- There are some variations regarding the IC used by D-LINK. In my particular case, the IC is from a different player. It is a ST Microelectronics chip labeled 5P64V6P 7B469 VS, but the pin outs are exactly the same.

+

- To record to flash chip it is necessary to build a simple cable that is connected in one side, to PARALEL PORT of your computer, and on other side you have to SOLDERING THE WIRES DIRECTLY INTO IC PINS.

It is also necessary to provide some external power supply (during the flashing process the router’s power adapter connector should be NOT INSERTED). So, in my case I decided to use a simple 3 x AAA 1.2 Volt NiMH battery holder that I assembled together with the cable itself.

+

+

Since the batteries are placed in a serial arrange, the final voltage of the set is 3.6 Volt.

- 4 It is not necessary but it could prove useful, to be capable to follow the boot process through serial console. In order to achieve that it is recommended to install some connections pins into the empty board holes related to JP1 connector. You can use the pins from old computer parts.

+

+

<​code>​

+

DIR 825 SERIAL PINOUTS (connector JP1) is:

+

+

PIN 1 -> 3.3V (Pin 1 is the one close to a small switch and a LED indicator)

+

PIN 2 -> RX

+

PIN 3 -> TX

+

PIN 4 -> GND

+

</​code>​

+

+

- <5> Use a TTL to RS-232 cable to connect to serial console. A good, easy and cheap option is to buy a USB to Phone cable like the model CA-42. Here in Brazil this cable can be found for about US$ 3.00.

+

+

Since you have the cable all you have to do is to cut off the Phone connector side and to identify the GROUND; TX and RX wires. It is quite easy and the web is plenty of guides that teach how to do that.

+

+

Use a terminal emulator software (I like PuTTY) configured as follow:

+

+

Speed (baud) 115200

+

Data Bits 8

+

Stop Bits 1

+

Parity None

+

Flow Control XON / XOFF

+

+

* 6 Now that the LPT ADAPTER is done and its wires are soldering to the chip, you have to connect the other side to LPT interface of your computer and also to connect the 3,6V external battery array. You must see the light of some LEDs on board.

+

* 7 So, if everything is done properly, download the software SPIPGMW at the following address: [[http://​rayer.ic.cz/​programm/​programm.htm#​SPIPGM]] Run it in a DOS session. It is good use the key “i” in order to check if the chip is correctly identified.